<h1>Access Control</h1>

<p>For Access Control the class A_User_Session is used. The A_User_Session class has login() and logout() methods to store user data in the session to indicate that the user has been authenticated. </p>
<h2>Basic access control</h2>
<p>There are rules provided to do simple level and group access control. The basic way to check if a user is signed-in is:</p>
<pre class="prettyprint lang-php">
&lt;?php

class admin {
	
	function index($locator) {
		$usersession = A_User_Session();
		if ($usersession->isLoggedIn()) {
			// access allowed
		} else {
			// return action to Front Controller to forward
			return array('', 'login', 'index');
		}
	}
	
}
</pre>

<h2>Access Control Using Predefined Controller Method</h2>
<p>There is another way to do Access Control using a feature of the Front Controller. First you register a Pre-Filter to be executed before the normally dispatched method. You then define this method in your controllers and use its return value to forward if access is denied. So in index.php you do:</p>

<pre class="prettyprint lang-php">
$FrontController->addPreFilter(new A_Controller_Front_Premethod('_denyAccess', array('', 'signin', ''), $Locator));
</pre>
<p>This will run a method named denyAccess($locator) in an action -- if it exists. The method does not have to exist, but will be run if it does. If the action returns true, then the error action passed to Front Controller will be run via a forward. The requested action will not run. The denyAccess() method can also return an array that specifies a different action to forward to. </p>

<p>The Action Controller code is cleaner because you don't have to put access code in any of the action methods.</p>

<pre class="prettyprint lang-php">
&lt;?php

class admin {
	
	protected $response;

	function admin($locator) {
		$this->response = $locator->get('Response');
		$this->userdata = $this->usersession->get();
	}
	
	function _denyAccess($locator) {
		$usersession = $locator->get('UserSession');
		if (! $usersession->isLoggedIn()) {
			return true;

// or to forward to a controller different from the registered one
#			$action = array('', 'error', '');
#			return $action;
		}
	}

	function index($locator) {
		$username = $this->userdata['userid'];
		$page_template = new A_Template_Include('examples/userapp/template/admin.tpl.php');
		$page_template->set('username', $username);
		$this->response->setContent($page_template->render());
	}
	
	function foo($locator) {
	}

}
</pre>
<p></p>
